------------------------------------------------------------
                        [BUG/PRB.] VFP 9.0 FIX - SET COVERAGE COMMAND
                                  August 2024
                 ------------------------------------------------------------
                                     CCB



1. BUG:

     In VFP 9, when the execution time written to the coverage profiler log file is wider than 15 characters,
     a buffer overflow occurs and VFP crashes.

     In VFP 8 (and VFP 6, VFP 7), when the execution time written to the coverage profiler log file is wider than 15 characters,
     a buffer overflow also occurs, but VFP does not crash.


2. CAUSE:

     In VFP 9.0 and earlier versions, the execution time field in the coverage profiler log file
     usually has the field type N(11,6).
     If the execution time is wider than 15 characters,
     a buffer overflow occurs and VFP crashes (in VFP 9).
     
     In VFP Advanced, if the execution time in the coverage profiler log file
     is wider than 15 characters, VFP saves 15 characters of the execution time,
     so the bug does not occur.

     There are some BUGs in the following code.


3. RESOLUTION:

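     We can write some code to fix the BUG. The patched path below formats the execution time
     into a temporary 256-byte stack buffer and then copies at most 15 characters
     (plus the terminating NUL) into the original buffer.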

     ; Label5c77a5: locate the 16-byte slot for the current entry, skip it if it is
     ; already flagged, and leave the elapsed execution time on the x87 stack.
     ; In:   ecx = index that is scaled by 38h below (set by code outside this listing).
     ; Out:  st(0) = elapsed time, esi = slot address, edi = saved dword that is
     ;       written back at 0x005c7882.
     ; NOTE(review): locals are addressed through ebp, so this is a fragment of a
     ; larger function; its prologue and frame layout are not shown here.
     Label5c77a5 ::
             ; esi = ([Data9370e8] - [Data937104]) / 38h, signed (cdq + idiv)
             mov eax ,  dword ptr [ Data9370e8 ]                             ;0x005c77a5 :        a1e8709300
             sub  eax , dword ptr [ Data937104 ]                             ;0x005c77aa :        2b0504719300
             pushd 038h                                                      ;0x005c77b0 :        6a38
             cdq                                                             ;0x005c77b2 :        99
             pop esi                                                         ;0x005c77b3 :        5e
             idiv esi                                                        ;0x005c77b4 :        f7fe
             mov esi , eax                                                   ;0x005c77b6 :        8bf0
             ; esi = [[Data936d1c]] + esi * 16  -> address of this entry's slot
             mov eax ,  dword ptr [ Data936d1c ]                             ;0x005c77b8 :        a11c6d9300
             shl esi , 04h                                                   ;0x005c77bd :        c1e604
             add  esi , dword ptr [eax]                                      ;0x005c77c0 :        0330
             ; A non-zero first dword skips the logging below; the same dword is set
             ; to 1 at 0x005c7886 once the field has been handed to Fun431e4d.
             cmp  dword ptr [esi] , 00h                                      ;0x005c77c2 :        833e00
             jne Label4cec3b                                                 ;0x005c77c5 :        0f857074f0ff
             ; Swap [esi+4] into the dword at [Data93757c] + ecx*38h + 4; the previous
             ; value is kept in edi until it is written back.
             mov eax ,  dword ptr [ Data93757c ]                             ;0x005c77cb :        a17c759300
             imul ecx , ecx , 038h                                           ;0x005c77d0 :        6bc938
             lea eax ,  dword ptr [ eax + ecx + 4 ]                          ;0x005c77d3 :        8d440804
             mov  ecx , dword ptr [ esi + 4 ]                                ;0x005c77d7 :        8b4e04
             mov  edi , dword ptr [eax]                                      ;0x005c77da :        8b38
             mov  dword ptr [eax] , ecx                                      ;0x005c77dc :        8908
             ; Timer selection: the qword at Data931e00 is the divisor on the
             ; QueryPerformanceCounter path. Only when it equals 1 (low dword 1,
             ; high dword 0) is the Fun42e3f9 path below used.
             cmp  dword ptr [ Data931e00 ] , 01h                             ;0x005c77de :        833d001e930001
             jne Label5c780c                                                 ;0x005c77e5 :        7525
             cmp  dword ptr [ Data931e04 ] , 00h                             ;0x005c77e7 :        833d041e930000
             jne Label5c780c                                                 ;0x005c77ee :        751c
             ; elapsed = (edx:eax returned by Fun42e3f9) - qword [esi+8], stored at
             ; [ebp-32], loaded as an integer and scaled by the double at Data91a398.
             ; presumably Fun42e3f9 returns a 64-bit tick count - confirm.
             call Fun42e3f9                                                  ;0x005c77f0 :        e8046ce6ff
             sub  eax , dword ptr [ esi + 8 ]                                ;0x005c77f5 :        2b4608
             sbb edx , [ esi + 12 ]                                          ;0x005c77f8 :        1b560c
             mov  dword ptr [ ebp - 32 ] , eax                               ;0x005c77fb :        8945e0
             mov  dword ptr [ ebp - 28 ] , edx                               ;0x005c77fe :        8955e4
             fild qword ptr [ ebp - 32 ]                                     ;0x005c7801 :        df6de0
             fmul qword ptr [ Data91a398 ]                                   ;0x005c7804 :        dc0d98a39100
             jmp Label5c7826                                                 ;0x005c780a :        eb1a

     ; Label5c780c: elapsed time from the high-resolution counter.
     ;   st(0) = (counter written to [ebp-40] - qword [esi+8]) / qword [Data931e00]
     ; presumably Data931e00 holds the QueryPerformanceFrequency result - confirm.
     ; Falls through to Label5c7826 with the result in st(0).
     Label5c780c ::
             lea eax ,  dword ptr [ ebp - 40 ]                               ;0x005c780c :        8d45d8
             push eax                                                        ;0x005c780f :        50
             ; The return value in eax is not checked; [ebp-40] is read regardless.
             call  QueryPerformanceCounter                     ;0x005c7810 :        ff1520709100
             fild qword ptr [ ebp - 40 ]                                     ;0x005c7816 :        df6dd8
             fild qword ptr [ esi + 8 ]                                      ;0x005c7819 :        df6e08
             ; st(1) = st(1) - st(0), then pop: current count minus the stored start value
             fsubp st(1) , st(0)                                             ;0x005c781c :        dee9
             fild qword ptr [ Data931e00 ]                                   ;0x005c781e :        df2d001e9300
             ; st(1) = st(1) / st(0), then pop
             fdivp st(1) , st(0)                                             ;0x005c7824 :        def9

     ; Label5c7826: turn the elapsed time in st(0) into text in the local buffer at
     ; [ebp-20]. Fun43089c is called as (destination, offset Data92a790, 8-byte double)
     ; and leaves its 16 bytes of arguments for the caller to remove (done by the
     ; add esp, 18h at 0x005c7845), so it behaves like a cdecl sprintf; the format
     ; string at Data92a790 is not shown in this listing.
     ; NOTE(review): [ebp-20] starts 20 bytes below ebp. If ebp is a conventional
     ; frame pointer (prologue not shown), output longer than the buffer runs toward
     ; the saved frame data, which would fit the crash described for VFP 9.
     Label5c7826 ::


     ;
     ;                 -------------------------------------------------
     ;                        VFP 9.0 FIX - SET COVERAGE COMMAND
     ;                                  August 2024
     ;                 -------------------------------------------------
     ;                                     CCB
     ;
     ; In the coverage profiler log file, if the width of the execution time > 15, VFP will crash.
     ;
     ; 2024/8/8, by ccb
     ;

     ; Original sequence, kept for reference (replaced by the code that follows):
     ;         push ecx                                                        ;0x005c7826 :        51
     ;         push ecx                                                        ;0x005c7827 :        51
     ;         fstp qword ptr [ esp ]                                          ;0x005c7828 :        dd1c24
     ;         lea eax ,  dword ptr [ ebp - 20 ]                               ;0x005c782b :        8d45ec
     ;         pushd offset Data92a790                                                  ;0x005c782e :        6890a79200
     ;         push eax                                                        ;0x005c7833 :        50
     ;         call Fun43089c                                                  ;0x005c7834 :        e86390e6ff

             ; The bounded path is taken only when vfpa_sys9161_data is non-zero.
             ; When it is zero the original unbounded sequence runs unchanged, so the
             ; overflow is still reachable on that path.
             ; NOTE(review): vfpa_sys9161_data is defined outside this listing - confirm
             ; when it is set.
             ; NOTE(review): the ;0x... address/byte annotations on the instructions
             ; below repeat those of the original sequence; they appear to be carried
             ; over from it and do not locate the patched code.
             cmp dword ptr vfpa_sys9161_data,00h
             jne Label5c7827
             ; vfpa_sys9161_data == 0: original sequence, writing directly to [ebp-20].
             push ecx                                                        ;0x005c7826 :        51
             push ecx                                                        ;0x005c7827 :        51
             fstp qword ptr [ esp ]                                          ;0x005c7828 :        dd1c24
             lea eax ,  dword ptr [ ebp - 20 ]                               ;0x005c782b :        8d45ec
             pushd offset Data92a790                                                  ;0x005c782e :        6890a79200
             push eax                                                        ;0x005c7833 :        50
             call Fun43089c                                                  ;0x005c7834 :        e86390e6ff
             jmp Label5c7839
     ; vfpa_sys9161_data != 0: format into a 256-byte scratch area on the stack, then
     ; copy a bounded prefix into [ebp-20].
     Label5c7827 ::
             ; Reserve 100h bytes of scratch; eax = scratch address (esp before the pushes).
             sub esp , 100h
             lea eax ,  dword ptr [ esp + 00h ]
             ; Two pushes make room for the 8-byte double, which fstp stores and pops from st(0).
             push ecx                                                        ;0x005c7826 :        51
             push ecx                                                        ;0x005c7827 :        51
             fstp qword ptr [ esp ]                                          ;0x005c7828 :        dd1c24
             pushd offset Data92a790                                                  ;0x005c782e :        6890a79200
             push eax                                                        ;0x005c7833 :        50
             ; NOTE(review): Fun43089c still writes without a length limit, now into the
             ; 256-byte scratch area. Whether 256 bytes always suffices depends on the
             ; format at Data92a790 and on the range of the value - confirm, or use a
             ; length-limited formatter here.
             call Fun43089c                                                  ;0x005c7834 :        e86390e6ff
             ; 16 bytes of arguments are still on the stack, so the scratch area is at esp+10h.
             lea ecx ,  dword ptr [ esp + 00h ][10h]
             lea eax ,  dword ptr [ ebp - 20 ]
             ; lstrcpynA([ebp-20], scratch, 10h): copies at most 15 characters and always
             ; writes a terminating NUL. It is stdcall, so it removes its own three arguments.
             ; NOTE(review): an over-wide value is silently cut to its leading 15
             ; characters, so the logged field may no longer represent the measured time.
             push 10h
             push ecx
             push eax
             call lstrcpynA
             ; Release the 100h bytes of scratch. The 16 bytes that remain match what the
             ; original path leaves behind, so the shared add esp, 18h at 0x005c7845
             ; balances the stack on both paths.
             add esp , 100h
             jmp Label5c7839


     ; Label5c7839: both formatting paths rejoin here with the 16 bytes of Fun43089c
     ; arguments still on the stack. The first ',' (2Ch) in the buffer at [ebp-20],
     ; if any, is replaced by '.' (2Eh).
     ; presumably this normalises a locale decimal comma, because ',' is appended
     ; as the field terminator at 0x005c785e - confirm.
     Label5c7839 ::
             lea eax ,  dword ptr [ ebp - 20 ]                               ;0x005c7839 :        8d45ec
             pushd 02Ch                                                      ;0x005c783c :        6a2c
             push eax                                                        ;0x005c783e :        50
             ; Indirect call through the pointer at Data9370b0, labelled _mbschr by the disassembler.
             call  _mbschr = qword ptr [ Data9370b0 ]                                  ;0x005c783f :        ff15b0709300
             ; 18h = 8 bytes of _mbschr arguments + 16 bytes left over from Fun43089c.
             add esp , 018h                                                  ;0x005c7845 :        83c418
             ; eax = address of the ',' found, or 0 when the buffer holds none.
             test eax , eax                                                  ;0x005c7848 :        85c0
             je Label5c784f                                                  ;0x005c784a :        7403
             mov  byte ptr [eax] , 02Eh                                      ;0x005c784c :        c6002e

     ; Label5c784f: measure the text at [ebp-20], append ',' and pass the field with
     ; an explicit length to Fun431e4d, then restore the saved state and flag the slot.
     Label5c784f ::
             lea eax ,  dword ptr [ ebp - 20 ]                               ;0x005c784f :        8d45ec
             lea edx ,  dword ptr [ eax + 1 ]                                ;0x005c7852 :        8d5001

     ; Inline strlen: eax stops one byte past the NUL and edx = buffer + 1, so
     ; eax - edx is the string length.
     Label5c7855 ::
             mov  cl , byte ptr [eax]                                        ;0x005c7855 :        8a08
             inc eax                                                         ;0x005c7857 :        40
             test cl , cl                                                    ;0x005c7858 :        84c9
             jne Label5c7855                                                 ;0x005c785a :        75f9
             sub eax , edx                                                   ;0x005c785c :        2bc2
             ; Overwrite the terminating NUL with ',' (2Ch) at buffer[len]. The buffer is
             ; no longer NUL-terminated afterwards; the length len + 1 is passed instead.
             ; After the bounded copy len <= 15, so this write stays within the first
             ; 16 bytes of the buffer. On the unbounded path len is whatever Fun43089c
             ; produced, and both this write and the length follow it.
             mov  byte ptr [ ebp + eax - 20 ] , 02Ch                         ;0x005c785e :        c64405ec2c
             inc eax                                                         ;0x005c7863 :        40
             push eax                                                        ;0x005c7864 :        50
             lea eax ,  dword ptr [ ebp - 20 ]                               ;0x005c7865 :        8d45ec
             push eax                                                        ;0x005c7868 :        50
             push  dword ptr [ Data936c08 ]                                  ;0x005c7869 :        ff35086c9300
             ; Fun431e4d([Data936c08], buffer, len + 1).
             ; presumably this writes the field to the coverage log - confirm.
             ; No stack adjustment for these three arguments appears in this listing.
             call Fun431e4d                                                  ;0x005c786f :        e8d9a5e6ff
             ; Write the dword saved in edi back to [Data93757c] + [Data936c08]*38h + 4.
             mov eax ,  dword ptr [ Data936c08 ]                             ;0x005c7874 :        a1086c9300
             mov  ecx , dword ptr [ Data93757c ]                             ;0x005c7879 :        8b0d7c759300
             imul eax , eax , 038h                                           ;0x005c787f :        6bc038
             mov  dword ptr [ eax + ecx + 4 ] , edi                          ;0x005c7882 :        897c0804
             ; Flag the slot so the check at 0x005c77c2 skips it from now on.
             mov  dword ptr [esi] , 01h                                      ;0x005c7886 :        c70601000000
             jmp Label4cec3b                                                 ;0x005c788c :        e9aa73f0ff


4. APPLIES TO:

     VFP 6.0.8167.0
     VFP 6.0.8961.0 (SP5)

     VFP 7.0.0.9262
     VFP 7.0.0.9465 (SP1)

     VFP 8.0.0.2521
     VFP 8.0.0.3117 (SP1)

     VFP 9.0.0.2412
     VFP 9.0.0.3504 (SP1)
     VFP 9.0.0.4611 (SP2)
     VFP 9.0.0.5015 (SP2)
     VFP 9.0.0.5411 (SP2)
     VFP 9.0.0.5721 (SP2)
     VFP 9.0.0.5815 (SP2)
     VFP 9.0.0.6303 (SP2)
     VFP 9.0.0.6602 (SP2)
     VFP 9.0.0.7423 (SP2)

     The bug has been fixed in VFP Advanced.


5. REFERENCE WEBSITES:

     1, baiyujia.com:
     http://www.baiyujia.com
     http://www.baiyujia.com/vfpdocuments/f_vfp9fix332.asp


6. OTHER:

     For reference only; there are no guarantees.

     If you have any questions or suggestions, please send me an email at ccb2000@163.com.